I’m creating an Arch Linux-based Docker container that uses gnome-keyring for storing secrets. I run the container with:
sudo docker run --rm --cap-add ipc_lock --cap-add NET_ADMIN --device /dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -ti test/arch
and I’m able to store secrets if I log in as root. I would like to avoid using the root user, so I’m trying to use a standard user for storing secrets, but I get a "couldn't connect to dbus session bus: Cannot spawn a message bus when AT_SECURE is set" error
when I start the gnome-keyring-daemon.
Specifically, as the standard user inside the Arch-based container, I run:
eval "$(dbus-launch --sh-syntax)"
mkdir -p ~/.cache
mkdir -p ~/.local/share/keyrings # where the automatic keyring is created
# 1. Create the keyring manually with a dummy password in stdin
eval "$(printf '\n' | gnome-keyring-daemon --unlock)"
# 2. Start the daemon, using the password to unlock the just-created keyring:
eval "$(printf '\n' | /usr/bin/gnome-keyring-daemon --start)"
and on the last command above I get:
** Message: 11:33:29.296: couldn't connect to dbus session bus: Cannot spawn a message bus when AT_SECURE is set
This method works only when using the root user.
I read the GNOME / GLib GitLab issue "GIO security hardening causing gnome-keyring to regress when session bus is provided by dbus-launch (dbus-x11)" (#2305) and, following the statements of @smcv, I was thinking of using dbus-user-session,
but on Arch Linux the dbus-user-session
package does not exist.
I also tried running the container with --env DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus --volume /run/user/1000/bus:/run/user/1000/bus added,
with no luck.
Is there a way to run gnome-keyring-daemon as a standard user in an Arch-based Docker container?
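
The AT_SECURE named in the error above is the kernel's secure-execution flag in the auxiliary vector, which getauxval(3) documents as nonzero for set-user-ID/set-group-ID binaries or for binaries that gained capabilities from file capabilities. The following is an added example, not part of the original post: a small C diagnostic that reports the flag and the likely reason for it. The names classify_secure and reason_text are made up for this example, and whether gnome-keyring-daemon in this image carries a file capability is an assumption to check.

```c
/* Added diagnostic, not from the original post: report AT_SECURE and why it is set. */
#include <stdio.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

enum secure_reason { NOT_SECURE, SETID_MISMATCH, CAPS_OR_LSM };

/* Classify from the kernel flag and the real/effective IDs.
 * AT_SECURE with matching IDs means the exec gained privilege another way,
 * most commonly file capabilities on the binary, or an LSM (getauxval(3)). */
enum secure_reason classify_secure(unsigned long at_secure,
                                   uid_t ruid, uid_t euid,
                                   gid_t rgid, gid_t egid)
{
    if (at_secure == 0)
        return NOT_SECURE;
    if (ruid != euid || rgid != egid)
        return SETID_MISMATCH;
    return CAPS_OR_LSM;
}

/* Human-readable explanation for each classification (hypothetical helper). */
const char *reason_text(enum secure_reason r)
{
    switch (r) {
    case NOT_SECURE:     return "AT_SECURE=0: not in secure-execution mode";
    case SETID_MISMATCH: return "AT_SECURE=1: set-user-ID/set-group-ID execution";
    case CAPS_OR_LSM:    return "AT_SECURE=1, IDs match: file capabilities or an LSM";
    }
    return "unknown";
}

int main(void)
{
    /* The flag is fixed by the kernel at exec time for this process. */
    unsigned long flag = getauxval(AT_SECURE);
    enum secure_reason r = classify_secure(flag, getuid(), geteuid(),
                                           getgid(), getegid());
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n",
           (long)getuid(), (long)geteuid(), (long)getgid(), (long)getegid());
    puts(reason_text(r));
    return r == NOT_SECURE ? 0 : 1;
}
```

Running `getcap /usr/bin/gnome-keyring-daemon` inside the container shows whether the daemon binary carries a file capability. To see the non-root case with this diagnostic, give the compiled binary one as root (for example `setcap cap_ipc_lock=ep ./atsecure`, where `atsecure` is a placeholder output name) and run it as the standard user.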